feat(server): support TLS

* Added https support. Will revert to http if either cert or key are empty strings.

* Update server/server.go

Co-authored-by: Senan Kelly <senan@senan.xyz>

* Fixed lint issues.

Co-authored-by: Senan Kelly <senan@senan.xyz>

README.md

@@ -150,12 +150,14 @@ view the admin UI at http://localhost:4747
 ## configuration options
 
 | env var                 | command line arg   | description                                                                                                 |
-|---|---|---|
+| ----------------------- | ------------------ | ----------------------------------------------------------------------------------------------------------- |
 | `GONIC_MUSIC_PATH`      | `-music-path`      | path to your music collection (see also multi-folder support below)                                         |
 | `GONIC_PODCAST_PATH`    | `-podcast-path`    | path to a podcasts directory                                                                                |
 | `GONIC_CACHE_PATH`      | `-cache-path`      | path to store audio transcodes, covers, etc                                                                 |
 | `GONIC_DB_PATH`         | `-db-path`         | **optional** path to database file                                                                          |
-|`GONIC_LISTEN_ADDR`|`-listen-addr`|**optional** host and port to listen on (eg. `0.0.0.0:4747`, `127.0.0.1:4747`) (*default* `0.0.0.0:4747`)|
+| `GONIC_LISTEN_ADDR`     | `-listen-addr`     | **optional** host and port to listen on (eg. `0.0.0.0:4747`, `127.0.0.1:4747`) (_default_ `0.0.0.0:4747`)   |
+| `GONIC_TLS_CERT`        | `-tls-cert`        | **optional** path to a TLS cert (enables HTTPS listening)                                                   |
+| `GONIC_TLS_KEY`         | `-tls-key`         | **optional** path to a TLS key (enables HTTPS listening)                                                    |
 | `GONIC_PROXY_PREFIX`    | `-proxy-prefix`    | **optional** url path prefix to use if behind reverse proxy. eg `/gonic` (see example configs below)        |
 | `GONIC_SCAN_INTERVAL`   | `-scan-interval`   | **optional** interval (in minutes) to check for new music (automatic scanning disabled if omitted)          |
 | `GONIC_JUKEBOX_ENABLED` | `-jukebox-enabled` | **optional** whether the subsonic [jukebox api](https://airsonic.github.io/docs/jukebox/) should be enabled |

cmd/gonic/gonic.go

@@ -30,6 +30,8 @@ const (
 func main() {
 	set := flag.NewFlagSet(gonic.Name, flag.ExitOnError)
 	confListenAddr := set.String("listen-addr", "0.0.0.0:4747", "listen address (optional)")
+	confTLSCert := set.String("tls-cert", "", "path to TLS certificate (optional)")
+	confTLSKey := set.String("tls-key", "", "path to TLS private key (optional)")
 	confPodcastPath := set.String("podcast-path", "", "path to podcasts")
 	confCachePath := set.String("cache-path", "", "path to cache")
 	confDBPath := set.String("db-path", "gonic.db", "path to database (optional)")
@@ -125,7 +127,7 @@ func main() {
 	}
 
 	var g run.Group
-	g.Add(server.StartHTTP(*confListenAddr))
+	g.Add(server.StartHTTP(*confListenAddr, *confTLSCert, *confTLSKey))
 	g.Add(server.StartSessionClean(cleanTimeDuration))
 	g.Add(server.StartPodcastRefresher(time.Hour))
 	if *confScanInterval > 0 {

server/server.go

@@ -264,7 +264,7 @@ type (
 	FuncInterrupt func(error)
 )
 
-func (s *Server) StartHTTP(listenAddr string) (FuncExecute, FuncInterrupt) {
+func (s *Server) StartHTTP(listenAddr string, tlsCert string, tlsKey string) (FuncExecute, FuncInterrupt) {
 	list := &http.Server{
 		Addr:         listenAddr,
 		Handler:      s.router,
@@ -274,6 +274,9 @@ func (s *Server) StartHTTP(listenAddr string) (FuncExecute, FuncInterrupt) {
 	}
 	return func() error {
 			log.Print("starting job 'http'\n")
+			if tlsCert != "" && tlsKey != "" {
+				return list.ListenAndServeTLS(tlsCert, tlsKey)
+			}
 			return list.ListenAndServe()
 		}, func(_ error) {
 			// stop job